Presentation is loading. Please wait.

Presentation is loading. Please wait.

Audit Plan Michelangelo Collura, Folake Stella Alabede, Felice Walden, Matthew Zimmerman.

Published byPaula Sternberg Modified over 5 years ago

Similar presentations

Presentation on theme: "Audit Plan Michelangelo Collura, Folake Stella Alabede, Felice Walden, Matthew Zimmerman."— Presentation transcript:

1 Audit Plan Michelangelo Collura, Folake Stella Alabede, Felice Walden, Matthew Zimmerman

2 Process Overview SQL Server for real-time database mirroring
Hot off-site backup employed High performance mode Minimal downtime is priority Manual failover currently employed Principal DB owner decides in crisis

3 Risk Assessment TECHNICAL THREATS HUMAN/NATURAL THREATS Risk
Risk Assessment High = 5 Med = 3 Low = 1 Risk Applicable Likelihood Vulnerability Impact Current Impact Risk Rating Impact risk severity Impact of risk realization Action taken to lessen Risk Risk action recommendation TECHNICAL THREATS HVAC Failure/Temperature Inadequacy (hardware) Y 1 Low Equipment failure within data center if not detected early and the system is down for a protracted period. mitigate Ensure backup HVAC equipment is tested regularly and monitoring systems to detect failure early. Telecommunications Failure – Voice (hardwire landlines) Inability to communicate with relevant parties and business units Network redundancy should be built into the VOIP protocol. Alternative phone lines should be provided to relevant parties in cases of emergencies. Local Area Network Failure 3 High Inability to service customers and connect to the firm’s infrastructure The Network topology should be designed with high level redundancy and fault isolation. Infrastructure should be backed up in a hot site to allow for quick failover. Fire data center primary 5 Medium Loss of software and hardware Ensure that the appropriate fire extinguisher for electrical equipment are on site and they are test regularly. Smoke detectors and sensors are installed in the facility. Fire data center mirror location Data should be replicated and backed-up at various sites. Ensure that the appropriate fire extinguisher for electrical equipment are on site and they are test regularly. Smoke detectors and sensors are installed in the facility. Power Outage - Internal Loss of use of hardware and software Ensure critical systems are connected to the UPS for immediate failover. Power generators are maintained regularly. A system should be in place to detect the source of the power-out Power Outage - External Ensure Backup generators are functional and maintained. Work with local municipalities to ensure we have priority status for restoration service. Hardware Failure Loss of use of equipment For essential equipment, ensure possible cross-over to temporary remote location with mirrored access. Info System software (Application) Failure Inability to service customers - possible ripple impact over entire entity Work with 3rd party vendors or in-house developers to ensure current working version of software is still available from vendor or internal copies are up to date. Wide Area Network Failure In ability to service customers  Ensure that there are is an Alternate ISP Service provider for HUMAN/NATURAL THREATS Key staff not available Inability to restore until key staff available. Cross training for all key and mid-level positions involved in DR efforts. Documentation current. Disgruntled Employee Laterally move employee to position that lessens impact of his/her adverse action on company Ensure that mental health issues are addressed and remediated within department with HR protocols. Terrorist Act (cyber, international or domestic) Loss of all WAN and internet access Ensure all reasonable preventive measures are taken. Human Error - Operations Loss of data integrity or repudiation of transactions Training, repetition and procedures need to be in place, known and enforced.

4 Audit Scope (Required Activities)
Determine maximum downtime and financial loss from data center going dark without warning Compare to current DR plan documentation estimates Interview admins and leadership to determine DR plan awareness and training levels The audit team will submit change requests for audit expansions to the planning committee for final determination.

5 Audit Scope (Out of Scope Activities)
Determination of company-wide DR plan training and awareness Flaws in current DR plan beyond SQL server DB mirroring System hardware Security

6 Roles & Responsibilities
Audit Team Position Role Michelangelo Collura Audit Program Mgr Process Overview; Audit Scope Stella Alabede Auditor/Audit Account Manager Risk Assessment; Auditor Felice Walden Auditor/Risk Assessment Manager Matt Zimmerman Auditor/Business Analyst Audit Schedule and Deliverable Supervisor; Auditor

7 Audit Hours Planning Testing Reporting
Audit Schedule: April 1, 2018 thru May 31, 2018 Planning Phase: April 2 – 13, 2018 80 hrs/auditor 4 Auditors Required 320 Hours total for planning phase Key Deliverables: Audit Plan Planning 320 total hours Testing 480 total hours Reporting 360 total hours

8 Audit Hours (Continued)
Testing Phase: April 16, 2018 thru May 11, 2018 160 hrs/auditor 3 Auditors required weekly 480 hours total for testing phase Key Deliverables: Expense Forms Time Sheets Change Requests Traffic Data Analysis

9 Audit Hours (Continued)
Reporting Phase: May 14 – 31, 2018 120 hrs/auditor 4 auditors required 360 hours total for reporting phase Key Deliverables: Audit Report

10 Key Dates April 13, 2018: Deliver Audit Plan to Senior Leadership
April 16, 2018: Begin testing Disaster recovery plan for SQL Server and begin identifying and evaluating and risks. April 23-27: Visit hot an cold off-sites to identify risks May 31, 2018: Deliver Audit findings to Senior Leadership

11 Total Hours Planning Testing Reporting 320 total hours 480 total hours

12 Questions?

Download ppt "Audit Plan Michelangelo Collura, Folake Stella Alabede, Felice Walden, Matthew Zimmerman."

Similar presentations

Museum Presentation Intermuseum Conservation Association.

Museum Presentation Intermuseum Conservation Association.
Information Technology Disaster Recovery Awareness Program.

Information Technology Disaster Recovery Awareness Program.
Business Plug-In B4 MIS Infrastructures.

Business Plug-In B4 MIS Infrastructures.
CIOassist Technologies Your CIO on Demand… Business Continuity Planning Our Offering CIOassist Technologies (www.cioassist.in)www.cioassist.in

CIOassist Technologies Your CIO on Demand… Business Continuity Planning Our Offering CIOassist Technologies (
Chapter 13 Managing Computer and Data Resources. Introduction A disciplined, systematic approach is needed for management success Problem Management,

Chapter 13 Managing Computer and Data Resources. Introduction A disciplined, systematic approach is needed for management success Problem Management,
1 Disaster Recovery “Protecting City Data” Ron Bergman First Deputy Commissioner Gregory Neuhaus Assistant Commissioner THE CITY OF NEW YORK.

1 Disaster Recovery “Protecting City Data” Ron Bergman First Deputy Commissioner Gregory Neuhaus Assistant Commissioner THE CITY OF NEW YORK.
Business Continuity Planning (BCP) & Disaster Recovery Planning (DRP)

Business Continuity Planning (BCP) & Disaster Recovery Planning (DRP)
BCP/DRP Consultancy Project- An approach

BCP/DRP Consultancy Project- An approach
1 Disk Based Disaster Recovery & Data Replication Solutions Gavin Cole Storage Consultant SEE.

1 Disk Based Disaster Recovery & Data Replication Solutions Gavin Cole Storage Consultant SEE.
Business Continuity Planning and Disaster Recovery Planning

Business Continuity Planning and Disaster Recovery Planning
© 2005, QEI Inc. all characteristics subject to change. For clarity purposes, some displays may be simulated. Any trademarks mentioned remain the exclusive.

© 2005, QEI Inc. all characteristics subject to change. For clarity purposes, some displays may be simulated. Any trademarks mentioned remain the exclusive.
Copyright 2004 Turning Point Solutions Establishing Lines Of Communication Before a Crisis.

Copyright 2004 Turning Point Solutions Establishing Lines Of Communication Before a Crisis.
TEL382 Greene Chapter 11. 10/27/09 2 Outline What is a Disaster? Disaster Strikes Without Warning Understanding Roles and Responsibilities Preparing For.

TEL382 Greene Chapter /27/09 2 Outline What is a Disaster? Disaster Strikes Without Warning Understanding Roles and Responsibilities Preparing For.
Physical and Cyber Attacks1. 2 Inspirational Quote Country in which there are precipitous cliffs with torrents running between, deep natural hollows,

Physical and Cyber Attacks1. 2 Inspirational Quote Country in which there are precipitous cliffs with torrents running between, deep natural hollows,
Chapter 13 Network Management and Operations. Agenda Objectives Scope Functions Software Security Physical Facility Staffing.

Chapter 13 Network Management and Operations. Agenda Objectives Scope Functions Software Security Physical Facility Staffing.
Network security policy: best practices

Network security policy: best practices
Business Crisis and Continuity Management (BCCM) Class Session 15 15 - 1.

Business Crisis and Continuity Management (BCCM) Class Session
IT Assurance and Reliability Why Should You Care? Richard Oppenheim, CPA, CITP President, SysTrust Services Corporation Presented to ISACA Regional Meeting.

IT Assurance and Reliability Why Should You Care? Richard Oppenheim, CPA, CITP President, SysTrust Services Corporation Presented to ISACA Regional Meeting.
Services Tailored Around You® Business Contingency Planning Overview July 2013.

Services Tailored Around You® Business Contingency Planning Overview July 2013.
November 2009 Network Disaster Recovery October 2014.

November 2009 Network Disaster Recovery October 2014.

Similar presentations

Ads by Google